bitrat | ef509cb0a60d929e4f0acd3696e724397dc8113170df0ef478ea2afaae7800d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

18e07c4772...2f.exe

windows7-x64

18e07c4772...2f.exe

windows10-2004-x64

Sharing

General

Target

18e07c4772a2687ee06a434ffef9572f.exe
Size

7.6MB
Sample

230920-j5ktyahb29
MD5

18e07c4772a2687ee06a434ffef9572f
SHA1

ff1a7e4f53efdbd0935bcf8a8dac338ea96c9dbe
SHA256

ef509cb0a60d929e4f0acd3696e724397dc8113170df0ef478ea2afaae7800d8
SHA512

8795a49d7c5993f24a290e9d5f9299871af4ffd51a66b0656bf0057cdc15b1286350aae55be7b69cec660df1353f5a4dffdc08004a1b447b1b75e5645ac6188b
SSDEEP

196608:eMoIG1kQ7PENK4JQp9ny9MK07ZMCmPSxF:gJB7PGqKMKeBm4F

Score

10^/10

bitrat xenarmor password recovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

18e07c4772a2687ee06a434ffef9572f.exe

Resource

win7-20230831-en

bitrat xenarmor password recovery trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

18e07c4772a2687ee06a434ffef9572f.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

185.225.75.68:3569

Attributes

communication_password
0edcbe7d888380c49e7d1dcf67b6ea6e
tor_process
tor

Targets

- Target
  
  18e07c4772a2687ee06a434ffef9572f.exe
- Size
  
  7.6MB
- MD5
  
  18e07c4772a2687ee06a434ffef9572f
- SHA1
  
  ff1a7e4f53efdbd0935bcf8a8dac338ea96c9dbe
- SHA256
  
  ef509cb0a60d929e4f0acd3696e724397dc8113170df0ef478ea2afaae7800d8
- SHA512
  
  8795a49d7c5993f24a290e9d5f9299871af4ffd51a66b0656bf0057cdc15b1286350aae55be7b69cec660df1353f5a4dffdc08004a1b447b1b75e5645ac6188b
- SSDEEP
  
  196608:eMoIG1kQ7PENK4JQp9ny9MK07ZMCmPSxF:gJB7PGqKMKeBm4F
Score

10^/10

bitrat xenarmor password recovery trojan upx
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- XenArmor Suite
  XenArmor is as suite of password recovery tools for various application.
  recovery password xenarmor
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bitratxenarmorpasswordrecoverytrojanupx

behavioral2

© 2018-2024

Terms | Privacy